CVE-2012-1911

Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php.  NOTE: the edit.php vector is already covered by CVE-2008-2565.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
chatelaophp_address_book
𝑥
≤ 6.2.11
chatelaophp_address_book
1.0
chatelaophp_address_book
1.2
chatelaophp_address_book
2.0
chatelaophp_address_book
2.1
chatelaophp_address_book
2.1.1
chatelaophp_address_book
2.2
chatelaophp_address_book
2.3
chatelaophp_address_book
2.4
chatelaophp_address_book
2.6
chatelaophp_address_book
3.0
chatelaophp_address_book
3.1
chatelaophp_address_book
3.1.1
chatelaophp_address_book
3.1.2
chatelaophp_address_book
3.1.3
chatelaophp_address_book
3.1.4
chatelaophp_address_book
3.1.5
chatelaophp_address_book
3.1.6
chatelaophp_address_book
3.2
chatelaophp_address_book
3.2.1
chatelaophp_address_book
3.2.2
chatelaophp_address_book
3.2.3
chatelaophp_address_book
3.2.4
chatelaophp_address_book
3.2.5
chatelaophp_address_book
3.2.6
chatelaophp_address_book
3.2.7
chatelaophp_address_book
3.2.8
chatelaophp_address_book
3.2.9
chatelaophp_address_book
3.2.10
chatelaophp_address_book
3.2.11
chatelaophp_address_book
3.2.12
chatelaophp_address_book
3.2.13
chatelaophp_address_book
3.2.14
chatelaophp_address_book
3.3
chatelaophp_address_book
3.3.1
chatelaophp_address_book
3.3.2
chatelaophp_address_book
3.3.3
chatelaophp_address_book
3.3.4
chatelaophp_address_book
3.3.5
chatelaophp_address_book
3.3.6
chatelaophp_address_book
3.3.7
chatelaophp_address_book
3.3.8
chatelaophp_address_book
3.3.9
chatelaophp_address_book
3.3.10
chatelaophp_address_book
3.3.12
chatelaophp_address_book
3.3.13
chatelaophp_address_book
3.3.14
chatelaophp_address_book
3.3.15
chatelaophp_address_book
3.3.16
chatelaophp_address_book
3.3.17
chatelaophp_address_book
3.3.18
chatelaophp_address_book
3.4
chatelaophp_address_book
3.4.1
chatelaophp_address_book
3.4.2
chatelaophp_address_book
3.4.3
chatelaophp_address_book
3.4.4
chatelaophp_address_book
3.4.5
chatelaophp_address_book
3.4.6
chatelaophp_address_book
3.4.7
chatelaophp_address_book
3.4.8
chatelaophp_address_book
3.4.9
chatelaophp_address_book
4.0
chatelaophp_address_book
4.0.2
chatelaophp_address_book
4.1.1
chatelaophp_address_book
4.1.3
chatelaophp_address_book
4.1.4
chatelaophp_address_book
5.0
chatelaophp_address_book
5.0:beta
chatelaophp_address_book
5.1
chatelaophp_address_book
5.2
chatelaophp_address_book
5.3
chatelaophp_address_book
5.4
chatelaophp_address_book
5.4.1
chatelaophp_address_book
5.4.2
chatelaophp_address_book
5.4.3
chatelaophp_address_book
5.4.4
chatelaophp_address_book
5.4.5
chatelaophp_address_book
5.4.6
chatelaophp_address_book
5.4.7
chatelaophp_address_book
5.4.9
chatelaophp_address_book
5.5
chatelaophp_address_book
5.6
chatelaophp_address_book
5.7
chatelaophp_address_book
5.7.1
chatelaophp_address_book
5.7.2
chatelaophp_address_book
5.7.3
chatelaophp_address_book
5.7.4
chatelaophp_address_book
5.7.5
chatelaophp_address_book
5.8.1
chatelaophp_address_book
6.0
chatelaophp_address_book
6.1
chatelaophp_address_book
6.1.1
chatelaophp_address_book
6.1.2
chatelaophp_address_book
6.1.3
chatelaophp_address_book
6.1.4
chatelaophp_address_book
6.2
chatelaophp_address_book
6.2.1
chatelaophp_address_book
6.2.2
chatelaophp_address_book
6.2.3
chatelaophp_address_book
6.2.4
chatelaophp_address_book
6.2.5
chatelaophp_address_book
6.2.6
chatelaophp_address_book
6.2.7
chatelaophp_address_book
6.2.9
chatelaophp_address_book
6.2.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929
http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929
http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt
http://www.exploit-db.com/exploits/18578
http://www.securityfocus.com/bid/52396
https://exchange.xforce.ibmcloud.com/vulnerabilities/73943
http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929
http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929
http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt
http://www.exploit-db.com/exploits/18578
http://www.securityfocus.com/bid/52396
https://exchange.xforce.ibmcloud.com/vulnerabilities/73943